The present invention relates to authentication of user identity, and more specifically to secure authentication of a user's identity through quick response (QR) codes.
Authentication of a user's identity over the Internet has become increasingly challenging in view of online fraud and exploitation of computer security by others. To meet this challenge, U.S. Pat. No. 8,654,971 uses an authentication engine which includes a data splitting module and data assembling module as well as encryption and decryption. Paragraph [0132] of that patent states: “. . . The data splitting module 520 advantageously comprises a software, hardware, or combination module having the ability to mathematically operate on various data so as to substantially randomize and split the data into portions.” This system relies on encryption and decryption of data, and that data can be intercepted and decrypted.
Other solutions use multiple entities. For example, US Publication No. 2013/0019096 discloses a first entity for communicating with a second entity and a third entity, the first entity including a data subdivider for subdividing a data entity into a first data portion and a second data portion. The data portions are processed by an output interface for transmitting a first message to the third entity and the second message to the second entity. In the third entity, the data portion directly received from the first entity and the other data portion received via the second entity are reassembled. This system utilizes multiple entities, and if one of the entities does not respond, the transaction cannot be completed.
WO 2009/144010 discloses a server device for performing a transaction in a system having a first entity, such as a POS, a second entity, such as a user having a mobile phone with a digital camera, and a remote server. The first entity generates a code having transaction information and sends a first message to a server. The second entity, such as a buyer of a product or a user of a service, captures the code and transmits a second message to the server having information on the transaction extracted from the code. The transaction is only authorized when the server has determined that the first message and the second message match each other. The transaction can be a payment transfer, a grant of access to a service or a grant of access to an internet portal. With this system, others can exploit the system and possibly capture the data during the request for information from the second entity or from the response of the second entity during transmission.
A Quick Response (QR) code is an example of a visual code comprising a matrix barcode or two-dimensional barcode representing information. A QR code has black modules or square dots which are arranged in a square grid on a white background, which can be read by an imaging device or device computer 52. Data is extracted from the patterns present in both horizontal and vertical components of the image representing the QR code. A representative QR code can be seen at 108 in FIG. 2.
It will be understood that, although the term “QR code” is used in the examples herein, the term is meant to encompass not just coding following the specific QR standard, but any other visual code technology which offers similar capabilities.